Available for senior IAM roles

Senior IAM Engineer
Identity Architecture · Zero Trust · Protocol Engineering

I design and build enterprise identity infrastructure — SCIM provisioning platforms, SSO federation, Zero Trust policy engines, and non-human identity governance. This portfolio is evidence-first: architecture, flows, controls, and prototypes under development.

This portfolio separates implemented work, prototypes, design-stage work, and planned evidence so reviewers can distinguish current capability from roadmap items.

Proof of Work

Eight projects with explicit status and evidence claims, so it is clear exactly what exists today and what is still pending.

In DevelopmentSanitized demos addedRepo pendingWalkthrough pending

SCIM Connector Platform

  • Multi-tenant SCIM v2 platform with self-service tenant and connector setup
  • Bearer token per connector — PBKDF2-SHA256, 600k iterations, random salt, display-once pattern
  • Health check, readiness, and metrics endpoints; structured audit log per provisioning event
In DevelopmentRepo pending

SCIM v2 Protocol Implementation

  • Full CRUD + PATCH for /Users and /Groups resources
  • ServiceProviderConfig, Schemas, ResourceTypes discovery endpoints
  • RFC 7643 / RFC 7644 filter support: userName, email, externalId
In DevelopmentSanitized demo added

Customer Self-Service Portal

  • Tenant creation with isolated connector namespacing
  • Connector token generation with display-once UX
  • Admin/operator cross-tenant dashboard
In DevelopmentDocumentation

Secure Token Handling

  • PBKDF2-SHA256, 600k iterations, random salt — plaintext never stored
  • Token display-once: shown at creation, never retrievable again
  • Rotation: revoke and reissue without tenant downtime
In DevelopmentSanitized demo added

Audit Logging and Metrics

  • Structured JSON events: actor, resource, action, outcome, timestamp
  • Metrics endpoint — Prometheus-compatible counters for provisioned count, error rate, and latency
  • Health check and readiness check endpoints for orchestration-layer probes
PrototypeDocumentation

SSO Troubleshooting Workflow

  • SAML POST binding trace: capture, decode, redact, explain
  • OIDC flow analysis: auth code, PKCE, token exchange
  • Failure pattern library: clock skew, wrong ACS URL, expired cert, missing attribute
PrototypeDocumentationSanitized demo added

Zero Trust Policy Engine

  • Policy: identity active + MFA satisfied + role valid + token valid + risk low + scope assigned
  • Explicit deny with reason logged for every rejected request
  • Decision table: 6 actors including humans and service accounts
Design StageDocumentationSanitized demo added

Non-Human Identity Governance

  • OAuth2 client credentials lifecycle: creation, rotation, revocation
  • Scope assignment with least-privilege enforcement
  • Over-privilege detection: compare assigned vs used scopes, flag drift

Case Studies

Five deep-dive case studies with architecture, flows, controls, and design reasoning.

Capability Areas

Technical domains covered across this portfolio, with hands-on project evidence for each.

Identity Protocols

  • ·SCIM v2 — RFC 7643 / RFC 7644
  • ·SAML 2.0
  • ·OIDC / OAuth 2.0
  • ·FIDO2 / WebAuthn
  • ·WS-Federation

Platform Design

  • ·Multi-tenant SaaS architecture
  • ·Token lifecycle management
  • ·Tenant isolation patterns
  • ·API security design

Identity Lifecycle

  • ·Joiner / Mover / Leaver flows
  • ·SCIM provisioning and deprovisioning
  • ·Role assignment automation
  • ·Access certification campaigns

Zero Trust and Policy

  • ·Policy engine design
  • ·Risk-based access control
  • ·Continuous verification
  • ·Adaptive authentication

Non-Human Identity

  • ·OAuth2 client credentials
  • ·Service account governance
  • ·Scope enforcement
  • ·Credential rotation

Governance and Operations

  • ·Structured audit logging
  • ·Prometheus metrics
  • ·IAM control mapping
  • ·SOC 2 / NIST alignment

IAM Architecture Stack

The identity and access management stack this portfolio addresses — from IdP integration down to governance and operations.

Identity Providers
OktaMicrosoft Entra IDAuth0Any SCIM-compatible IdP
Federation and SSO
SAML 2.0OIDC / OAuth 2.0SCIM v2WS-Federation
Identity Platform
Policy EngineSCIM ConnectorToken ServiceAudit Bus
Access Control
RBACZero Trust PolicyJIT AccessScope Enforcement
Governance and Ops
Audit LoggingAccess ReviewsMetrics / SIEMHealth Monitoring

Portfolio Roadmap

What has been shipped, what is in progress, and what comes next.

✓ Completed

  • Portfolio website — 7 pages, live at portfolio.labsninja.com
  • SCIM Connector case study — architecture, flows, endpoints, controls
  • SSO Tracer case study — failure pattern library, 7 SAML/OIDC patterns
  • Zero Trust decision table — 6-actor policy model with explicit deny
  • Non-Human Identity governance model
  • IAM Control Mapping — 12 controls mapped
  • HTTPS deployment with Let's Encrypt SSL

↻ In Progress

  • Additional real screenshots — connector UI, audit log, admin dashboard
  • Additional architecture diagrams — Zero Trust and NHI visual flows
  • GitHub repository links — SCIM connector and SSO tracer repos
  • LinkedIn and contact links

□ Planned

  • Interactive Zero Trust policy simulator
  • Live SCIM demo tenant (test provisioning in real-time)
  • Non-human identity dashboard (scope comparison, over-privilege detection)
  • SSO Tracer Chrome extension MVP
  • Printable case-study summary after screenshots and diagrams are added

Need identity engineering, SCIM, SSO, or Zero Trust expertise?

This portfolio demonstrates practical identity-security work across SCIM provisioning, SSO troubleshooting, non-human identity governance, auditability, and IAM control mapping.